feat: add support for public DNS target IP and private DNS allowance in Cloudflare setup

2026-03-02 23:27:04 -06:00
parent 14a5773a2d
commit 63f5bf6ea7
7 changed files with 242 additions and 29 deletions
--- a/.env.example
+++ b/.env.example
@@ -124,6 +124,8 @@ TLS_MODE=cloudflare               # TLS mode: "cloudflare" (DNS-01 via CF API) o
 CADDY_DOMAIN=                     # Wildcard cert base domain (e.g. privacyindesign.com → cert for *.privacyindesign.com)
 CADDY_DATA_PATH=                  # Absolute path on host for Caddy data (e.g. /mnt/nvme/caddy)
 CLOUDFLARE_API_TOKEN=             # Cloudflare API token with Zone:DNS:Edit (only if TLS_MODE=cloudflare)
+PUBLIC_DNS_TARGET_IP=             # Phase 8 Cloudflare A-record target for GITEA_DOMAIN (public ingress IP recommended)
+PHASE8_ALLOW_PRIVATE_DNS_TARGET=false  # true only for LAN-only/split-DNS setups using private RFC1918 target IPs
 SSL_CERT_PATH=                    # Absolute path to SSL cert (only if TLS_MODE=existing)
 SSL_KEY_PATH=                     # Absolute path to SSL key (only if TLS_MODE=existing)